Cisco ASA to CentOS 5 IPsec tunnel IP forwarding / sharing

I have a Windows server that I want to run a bunch of custom services on and share with several IPs via different Linux boxes from an outside vendor.

I'm trying to get the first setup complete so I can test, so I only need one case, but this solution will have to work with multiple outside Linux servers and the same Windows inside server.

So my Windows server has several IPs; I'm going to use 2 for this example.

Windows Server - 10.3.0.20 and 10.3.0.21
There is an ASA 5505 with an inside IP of 10.3.0.1 and an outside IP of 50.x.x.1

Then I have a CentOS 5 box with a single private IP of 10.4.23.82 on eth0 and public IPs of 69.x.x.1 and 69.x.x.2 on eth1

iptables is installed but stopped. openswan is installed and I have a tunnel up between the ASA and the CentOS box

ipsec service status shows 1 tunnels up

That's as far as I got.

What I would like to do is make it so that when a user comes to 69.x.x.1 it is forwarded to 10.3.0.20, and 69.x.x.2 goes to 10.3.0.21,
and vice versa: when a connection is established on 10.3.0.20 I want it to route out through 69.x.x.1, and 10.3.0.21 to route out through 69.x.x.2.

I don't want the outside world to know about the 50.x.x.1 network.

The question is how can I configure this so that it is possible, keeping in mind that someday I'll want this to work and then go get another outside Linux box and have a new IP of 70.x.x.1 go to 10.3.1.20, etc.

Thanks
b2kris asked:

b2kris (Author) commented:
I forgot to mention that for each 1-to-1 mapping there will only be one port used. For example:

69.x.x.1 going to 10.3.0.20 would be only tcp 80
69.x.x.2 going to 10.3.0.21 would be only tcp 443
Akinsd (Network Administrator) commented:
Configure a static NAT to forward traffic designated for 69.x.x.1 on port 80 to 10.3.0.20
Configure another static NAT to forward traffic designated for 69.x.x.2 on port 443 to 10.3.0.21
Create a dynamic NAT to translate traffic from 10.3.0.20 to 69.x.x.1 (you will create an ACL permitting 10.3.0.20 subnet and have the NAT call that ACL)
Create another dynamic NAT to translate traffic from 10.3.0.21 to 69.x.x.2 (you will create another ACL permitting 10.3.0.21 subnet and have the NAT call that ACL)

Follow the same pattern for any additional provisions you make
Configure a static NAT to forward traffic designated for 70.x.x.1 on port ?? to 10.3.1.20
Create a dynamic NAT to translate traffic from 10.3.1.20 to 70.x.x.1 (you will create an ACL permitting 10.3.1.20 subnet and have the NAT call that ACL)
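Added example (not from the thread): the static/dynamic NAT pattern in the answer above, expressed as iptables rules for the CentOS 5 box, since that is where the public IPs live. It keeps the thread's 69.x.x.n placeholders (fill in the real addresses), assumes eth1 carries the public IPs as described in the question, and the mapping table is constructed input; the rules are printed for review rather than applied directly.

```shell
#!/bin/sh
# One-to-one NAT on the CentOS 5 box with iptables (added example, not from
# the thread). Public IPs are left as the thread's placeholders: fill them in.
# Per the question, eth1 holds the public IPs and eth0 the private side.
PUB_IF=eth1

# Constructed mapping table: public_ip proto port private_ip (one 1:1 mapping per line)
MAPPINGS='
69.x.x.1 tcp 80  10.3.0.20
69.x.x.2 tcp 443 10.3.0.21
'

# Print the iptables rules for one mapping. Inbound forwarding is limited to
# the single published port, and outbound traffic from the private host is
# source-translated to its own public IP (the answer's "dynamic NAT").
nat_rules() {
    pub=$1; proto=$2; port=$3; priv=$4
    # static NAT: public IP:port -> private host
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $priv"
    echo "iptables -A FORWARD -i $PUB_IF -d $priv -p $proto --dport $port -m state --state NEW -j ACCEPT"
    # dynamic NAT: private host -> its own public IP
    echo "iptables -t nat -A POSTROUTING -o $PUB_IF -s $priv -j SNAT --to-source $pub"
    echo "iptables -A FORWARD -s $priv -o $PUB_IF -m state --state NEW -j ACCEPT"
}

# Emit the full rule set: default-deny forwarding, allow replies, then one
# block of rules per mapping. Output only; nothing is applied here.
gen_all() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read pub proto port priv; do
        if [ -n "$pub" ]; then
            nat_rules "$pub" "$proto" "$port" "$priv"
        fi
    done
}

# Review the generated rules first; apply as root with:  gen_all | sh
gen_all
```

The tunnel's traffic selectors on both ends (the openswan leftsubnet/rightsubnet and the ASA's crypto ACL) must also cover the post-NAT addresses, i.e. external client addresses to and from 10.3.0.0/24, otherwise the DNATed packets match no IPsec policy and are routed in the clear instead of through the tunnel.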
